This week, Microsoft released a critical security update to address a zero-day vulnerability in Windows that could allow a malicious user to take over an exploited computer. This update comes a week after the company released its July 2015 Security Bulletin, which included a number of additional security and operating system updates. For more information on these updates, see Microsoft’s Security Bulletin page.

Apple:

On June 30, Apple released a number of security updates to address vulnerabilities in OS X Yosemite, iOS 8.4, and Safari, as well as iTunes and QuickTime for Windows. For more information, see Apple’s Security Updates page.

Adobe:

Adobe recently released updates for Acrobat, Reader, Flash Player, and Shockwave Player. These updates include critical fixes for zero-day vulnerabilities in Flash Player. For more information about these updates, visit the Adobe Security Bulletins and Advisories page.

Oracle:

Oracle released its quarterly security update on July 17, which addresses vulnerabilities in Java and other products. For more information about these updates, see Oracle’s Software Security Assurance Blog.

ITS recommends that you keep your computers and other devices up to date with the latest security fixes in order to protect your devices and your data from malicious code and unauthorized access. For instructions on setting your computer to automatically check for updates, visit the ITS Information Security Tips page.

]]>http://it-security.usc.edu/2015/07/23/recent-security-updates/feed/0Security Update for Adobe Flash Playerhttp://it-security.usc.edu/2015/07/10/security-update-for-adobe-flash-player/?utm_source=rss&utm_medium=rss&utm_campaign=security-update-for-adobe-flash-player
http://it-security.usc.edu/2015/07/10/security-update-for-adobe-flash-player/#commentsFri, 10 Jul 2015 23:19:51 +0000https://it-security.usc.edu/?p=960Continue reading →]]>Adobe has released a security update for Flash Player. This update addresses a recently disclosed zero-day vulnerability that could result in system crashes and remote code execution.

ITS recommends that you keep your computers and other devices up to date with the latest security fixes in order to protect your devices and your data from malicious code and unauthorized access. For instructions on setting your computer to automatically check for updates, visit the ITS Security page.

]]>http://it-security.usc.edu/2015/07/10/security-update-for-adobe-flash-player/feed/0Phishing Warning 2015-05-05http://it-security.usc.edu/2015/05/05/phishing-warning-2015-05-05/?utm_source=rss&utm_medium=rss&utm_campaign=phishing-warning-2015-05-05
http://it-security.usc.edu/2015/05/05/phishing-warning-2015-05-05/#commentsTue, 05 May 2015 17:19:22 +0000https://it-security.usc.edu/?p=944Continue reading →]]>Many users have reported receiving the following phish. If you have received the phish, do not click the link or reply to the message. If you have replied, followed the link, or supplied login information, change your USC password as soon as possible by going to the ITS website at itservices.usc.edu and clicking the link called change your password on the top menu bar.

This is to notify you that your web-mail has exceeded the set Quota limit due to unseen files and folders on your mailbox.Kindly visit: http://adminverinow.xx.tn and input the vital information to increase your quota limit.

Failure to upgrade/increase your quota limit within 24hrs may result to loss of important information on your mailbox or cause restricted access to it.

_______________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com ______________________________________________________________

Note several features that indicate this is a phish:

The email asks you to follow a link to a non-USC website. You should never enter your USC credentials on a non-USC webpage, especially when directed there by an unsolicited email.

]]>http://it-security.usc.edu/2015/03/10/for-your-reference-phishing-scams-targeting-university-employees/feed/0“ITS Administrative Support” phishhttp://it-security.usc.edu/2015/03/04/its-administrative-support-phish/?utm_source=rss&utm_medium=rss&utm_campaign=its-administrative-support-phish
http://it-security.usc.edu/2015/03/04/its-administrative-support-phish/#commentsWed, 04 Mar 2015 20:45:54 +0000https://it-security.usc.edu/?p=933Continue reading →]]>Many people received the following phish. Signs that this is not a legitimate email:

It was sent from a non-USC address: dorismacdonald@conejousd.org.

It is not our standard password expiration warning.

The target link is not a USC site: hxxp://helpdesksecure.moonfruit.com/

We have blocked further email and the site. If you clicked on the link and provided your credentials before we blocked the site, please change your password immediately.

]]>http://it-security.usc.edu/2015/03/04/its-administrative-support-phish/feed/0Malware spam with subject “Invoice”http://it-security.usc.edu/2015/03/04/malware-spam-with-subject-invoice/?utm_source=rss&utm_medium=rss&utm_campaign=malware-spam-with-subject-invoice
http://it-security.usc.edu/2015/03/04/malware-spam-with-subject-invoice/#commentsWed, 04 Mar 2015 19:19:21 +0000https://it-security.usc.edu/?p=922Continue reading →]]>Many people received the following email. The original malicious payload was replaced with the file “Replacement.txt” but the message was still delivered instead of quarantined. We are working with the department that runs the originating email server to resolve this issue. Please delete the message.

]]>http://it-security.usc.edu/2015/03/04/malware-spam-with-subject-invoice/feed/0Phishing Scam Regarding Financial Services Provider John Hancockhttp://it-security.usc.edu/2015/02/19/phishing-scam-involving-john-hancock/?utm_source=rss&utm_medium=rss&utm_campaign=phishing-scam-involving-john-hancock
http://it-security.usc.edu/2015/02/19/phishing-scam-involving-john-hancock/#commentsThu, 19 Feb 2015 19:30:26 +0000https://it-security.usc.edu/?p=916Continue reading →]]>ITS is aware of suspicious emails sent to members of higher education communities as part of a phishing scam aimed at obtaining individuals’ personal information. These emails appear to originate from the financial services provider John Hancock and instruct recipients to verify their records by clicking a link to supply personal information on an online website form.

These emails were not sent by John Hancock. The company is investigating the matter and has taken steps to have the fake websites disabled. John Hancock has notified ITS about the phishing scam and assured us that they will never request personal, financial, or password information through unsolicited emails.

If you receive such an email, do not click the link or reply to the email in any way.

]]>http://it-security.usc.edu/2015/02/19/phishing-scam-involving-john-hancock/feed/0Anthem-related Email Scamshttp://it-security.usc.edu/2015/02/06/anthem-related-email-scams/?utm_source=rss&utm_medium=rss&utm_campaign=anthem-related-email-scams
http://it-security.usc.edu/2015/02/06/anthem-related-email-scams/#commentsFri, 06 Feb 2015 20:32:41 +0000https://it-security.usc.edu/?p=910Continue reading →]]>The university has been alerted to several scams related to the recent cyber attacks against the medical insurance provider Anthem.

Individuals should be aware of scam email campaigns targeting current and former Anthem members. These scam emails, known as phish, are designed to capture personal information and appear as if they were sent by Anthem. The emails include a “click here” link to sign up for credit monitoring. These emails are NOT from Anthem.

DO NOT click on any links in email purporting to be from Anthem and offering services such as credit monitoring.

DO NOT reply to the email or reach out to the senders in any way.

DO NOT supply any information on the website that may open if you have clicked on a link in the email.

DO NOT open any attachments sent with the email.

Note also that Anthem is not calling members regarding the cyber-attack and is not asking for credit card information or social security numbers over the phone.

This outreach is from scam artists who are trying to trick consumers into sharing personal data. There is no indication that the scam email campaigns are being conducted by those that committed the cyber-attack or that the information accessed in the attack is being used by the scammers.

Anthem will contact current and former members via mail delivered by the U.S. Postal Service about the cyber-attack with specific information on how to enroll in credit monitoring. Affected members will receive free credit monitoring and ID protection services.

For more information about Anthem’s response to this event, see http://www.anthemfacts.com/faq.

]]>http://it-security.usc.edu/2015/02/06/anthem-related-email-scams/feed/0FBI Issued Warning – Destructive “Wiper” Malwarehttp://it-security.usc.edu/2014/12/03/fbi-issued-warning-destructive-wiper-malware/?utm_source=rss&utm_medium=rss&utm_campaign=fbi-issued-warning-destructive-wiper-malware
http://it-security.usc.edu/2014/12/03/fbi-issued-warning-destructive-wiper-malware/#commentsWed, 03 Dec 2014 21:50:55 +0000https://it-security.usc.edu/?p=903Continue reading →]]>The FBI released a warning to a wide range of companies that a U.S. business had experienced a malicious software that wipes data from every hard drive it touches. This malware (some refer to as “wiper”) overwrites computers beyond the point of recovery and prevents computers from rebooting. Security experts have indicated it is nearly impossible to recover using standard means.

This serves as a reminder to make certain that backups exist for your systems, that backup restore capabilities have been tested, and to contact security@usc.edu if you have any observations to share and/or questions.

]]>http://it-security.usc.edu/2014/12/03/fbi-issued-warning-destructive-wiper-malware/feed/0Fake UPS/FedEx/DHL emailhttp://it-security.usc.edu/2014/12/02/fake-upsfedexdhl-email/?utm_source=rss&utm_medium=rss&utm_campaign=fake-upsfedexdhl-email
http://it-security.usc.edu/2014/12/02/fake-upsfedexdhl-email/#commentsTue, 02 Dec 2014 21:38:50 +0000https://it-security.usc.edu/?p=895Continue reading →]]>Every year around this time, we see a significant increase in the volume of fake email claiming to be from UPS, FedEx, DHL, etc. Please examine these messages carefully before opening/saving an attachment or clicking on a link.

The attachments claim to be an invoice, shipment tracking, or some other important document but are actually malware disguised as a PDF, ZIP or program. UPS and FedEx never email this content.

The links claim to let you track a package, register your account, or stop UPS from disabling your account. The links will look legitimate but if you hover over them or view the email source, you will see that the links actually take you to fake sites. Here is an email that was sent to dozens of people today. The link appears to be webapps.ups.com but actually downloads a ZIP file from documents-receive.com:

If you receive any suspicious email, please forward to security@usc.edu so we can analyze and block if necessary. Thank you.